In the latest plot twist of the crypto world’s hacking saga, NFT Trader, a once-popular swapping site, fell victim to a breach. This caper, unraveling on December 16, resulted in a pilfering spree by an audacious hacker targeting high-value Bored Apes, Art Blocks, World of Women, and VeeFriends—unleashing chaos in the NFT cosmos.
Enter 0xfoobar, the virtuoso founder of delegate.cash, and his 16-year-old coding accomplice, who played the digital detectives, sleuthing out the nefarious code in NFT Trader’s compromised contracts. They swiftly crafted a remedy to expunge the vulnerabilities. However, the drama doesn’t end here—users are urgently summoned to the NFT Trader stage to revoke any allowances tied to these contracts. Dive into the safe waters of revoke.cash, now fortified after the Ledger Connect library exploit quashing on December 14.
The cyber symphony of caution crescendos as a seasoned cybersecurity engineer and Wallet Guard ambassador advises users to embark on a pilgrimage to Revoke.Cash. The mission: unearth and promptly nullify any approvals for the beleaguered NFTTrader contracts. Failure to revoke could render assets vulnerable, the kind of digital menace even the most seasoned crypto voyagers wouldn’t wish upon their NFT treasures.
In the shadow of this escapade, a curious “scavenger” emerges, claiming responsibility for the hack. In an on-chain tête-à-tête with security researcher ZachXBT, the scavenger asserts a Robin Hood-esque ethos—“Hello, everyone. I’m a scavenger. First of all, monkeys are safe, and in the end, they come back to the user.” A digital rogue on a quest to profit from the spoils, or a benevolent soul rescuing monkeys from peril? The plot thickens.
The scavenger’s audacious offer to return pilfered NFTs—for a fee, of course—adds an intriguing twist. Users, however, are cautioned against parting with their hard-earned crypto, as this might be a honeyed trap. In the crypto wilderness, promises of redemption may mask deceitful snares.
As the hack dust settles, Yuga Labs co-founder Greg Solano pledges to be the knights in shining armor, offering to foot the ransom bill if the scavenger’s offer holds water. A digital quest to reclaim lost Apes—a noble endeavor in the NFT kingdom.
For users navigating this digital labyrinth, the sage advice includes the adoption of the “Three Address Protocol.” A vault wallet untainted by dApp connections, another for trustworthy engagements, and a burner wallet for the realm of untrusted websites—a triumvirate strategy for enhanced security. Augmenting this arsenal, the deployment of security browser plugins—Wallet Guard, Pocket Universe, or Revoke’s own plugin—creates a virtual fortress. These tools simulate transactions, sounding alarms if peril lurks.
As the NFT Trader hack reverberates through the metaverse, users stand at the crossroads, armed with knowledge and fortified by caution, ready to navigate the winding paths of the crypto wilderness.